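<?php
    /*
     * Admin page: asks for confirmation and then deletes a single post.
     *
     * Flow:
     *   - GET  ?id=N       -> show the confirmation form for post N.
     *   - POST id=N        -> delete post N if the session user is level 1
     *                         or is the post's author.
     *
     * Security notes:
     *   - The id is validated as a plain decimal integer before it reaches any
     *     SQL string; the page previously concatenated $_POST["id"] directly
     *     into the DELETE statement.
     *   - The ownership check is made against the SAME post that is deleted.
     *     Previously the post was loaded from $_GET["id"] while the DELETE
     *     used $_POST["id"], so the check and the action could refer to
     *     different rows.
     *   - Everything echoed into HTML is escaped for its context.
     *   - NOTE(review): the form carries no anti-CSRF token. Session setup
     *     lives in authenticate.php (not visible here); a per-session token
     *     should be issued there and verified before the DELETE runs.
     *   - NOTE(review): ext/mysql (mysql_*) is deprecated and removed in
     *     PHP 7. Moving to mysqli/PDO prepared statements requires changing
     *     connection.php and database.php as well.
     */
    include("../includes/config.php");
    include("../includes/connection.php");
    include("../includes/database.php");

    include("authenticate.php");
    
    $title = "Delete Post";
    
    include("header.php");

    // A POSTed id means the user confirmed the deletion; otherwise we are
    // rendering the confirmation form for the id given in the query string.
    $isConfirmed = isset($_POST["id"]);
    $rawId = $isConfirmed ? $_POST["id"] : (isset($_GET["id"]) ? $_GET["id"] : null);

    // Accept only an unsigned decimal integer. \z (not $) rejects a trailing
    // newline; is_string() rejects array input such as id[]=1.
    $postId = (is_string($rawId) && preg_match('/^[0-9]+\z/', $rawId)) ? (int) $rawId : null;

    // Load the post that will actually be acted on, so the authorization
    // decision below is bound to the row named in the DELETE.
    $post = false;
    if ($postId !== null) {
        $result = getPost($postId);
        if ($result) {
            $post = mysql_fetch_assoc($result);
        }
    }

    // Escaped once for use inside href="" attributes below.
    $returnUrl = htmlspecialchars($CONFIG["base_url"] . "admin/posts.php", ENT_QUOTES, "UTF-8");

    if (!$post) {
        // Missing, malformed or unknown id: never fall through to the
        // privilege check with an empty $post.
?>
        <h1>Error!</h1>
        <h2>The requested post could not be found.</h2>
        <a href="<?php echo $returnUrl ?>" class="btn btn-primary">Return</a>
<?php
    }
    elseif ($isConfirmed) {
        $isAdmin = isset($_SESSION["user_level"]) && $_SESSION["user_level"] == 1;
        // String comparison avoids loose-equality surprises between a DB
        // string and whatever type the session stores.
        $isAuthor = isset($_SESSION["user_id"])
            && (string) $post["author_id"] === (string) $_SESSION["user_id"];

        if ($isAdmin || $isAuthor) {
            // $postId is an int at this point, so concatenation is safe.
            $sql = "DELETE FROM posts WHERE id = " . $postId . ";";

            if (mysql_query($sql)) {
?>
                <h1>The post has been deleted.</h1>
                <a href="<?php echo $returnUrl ?>" class="btn btn-primary">Return</a>
<?php
            }
            else {
                // Keep the driver error in the server log; raw database
                // errors shown in the page disclose schema details.
                error_log("Delete post " . $postId . " failed: " . mysql_error());
?>
                <h1>Error!</h1>
                <h2>The post could not be deleted.</h2>
                <a href="<?php echo $returnUrl ?>" class="btn btn-primary">Return</a>
<?php               
            }
        }
        else {
?>
            <h1 style="color: red;">You don't have privilege to delete this post!</h1>
            <a href="<?php echo $returnUrl ?>" class="btn btn-primary">Return</a>
<?php
        }
    }
    else {        
        // PHP_SELF includes client-controlled path info, so it is escaped
        // before being placed in the action attribute.
        $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, "UTF-8") . "?id=" . $postId;
?>
        <h2>Are you sure you want to delete this post: <small><?php echo htmlspecialchars($post["title"], ENT_QUOTES, "UTF-8") ?></small>?</h2>
        <form action="<?php echo $formAction ?>" method="POST">
            <input type="hidden" name="id" value="<?php echo $postId ?>"/>
            <input type="submit" value="Yes" class="btn btn-danger"/>
            <input type="button" value="No" class="btn"/>
        </form>
<?php
    }
    
    include("footer.php");
?>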
